Treasury role in mock cyber attack

A cyber warfare exercise simulating the impact of a concerted attack by a rogue state on the UK financial sector has been staged by key players including financial firms and the Treasury.

Details of the event, disclosed for the first time by the Bank of England, suggest authorities are taking seriously the threat posed not just by independent hackers but foreign governments who may be intent on causing chaos in markets.

Organisers of the exercise last November - dubbed Waking Shark II - devised a scenario that placed the sector "under severe stress" facing more extreme pressures than have ever been seen before.

The report said: "The scenario was based on a concerted cyber attack against the UK financial sector by a hostile nation state with the aim of causing significant disruption/dislocation within the wholesale market and supporting infrastructure."

Over a four-hour session, the exercise simulated a three-day period coinciding with a so-called Triple Witching phase - when markets can be volatile as stock index futures, stock index options and stock options all expire on the same day.

Around 220 people took part in the event, including staff from banks and other City institutions as well as regulators and Government agencies and the Bank of England.

Promoted stories

It examined how firms would manage their responses to attacks both from a business perspective and on a technical level - in particular their use of a tool known as CISP for information sharing.

The exercise simulated distributed denial-of-service (DDoS) attacks - which use hacked systems to launch multiple assaults on one target - that would cause global companies' websites to be unresponsive.

It also included the impact of other more sophisticated attacks "that penetrated the firms' networks for disruptive and destructive purposes".

Problems with money and payment processes as well as share price data formed part of the scenario too.

The Bank of England said the report showed that "considerable progress" had been made since previous exercises in 2011 and highlighted areas that could be further improved.

Recommendations included considering a single body to manage communications across the sector during an incident, enhancement of the CISP platform, and making firms aware of the need to report incidents to law enforcement and regulators.

Some of those who took part suggested the scenario could have been more technically challenging with greater market stress over a longer period.

The report came as the vulnerability of Britain's essential services was being discussed at the first summit bringing together intelligence and security chiefs with regulators.

Business Secretary Vince Cable was leading the meeting focused on the financial, water, energy, communications and transport sectors.

Mr Cable warned there was a "serious and growing threat" of issues such as power failures, travel delays and late payments as criminals and terrorists sought to exploit IT systems.

Share article

"Cyber attacks are a serious and growing threat to British businesses," he said.

Bank of England deputy governor Andrew Bailey said: "It is essential for financial stability that the UK financial system and its infrastructure continues to work towards improving its ability to withstand cyber attacks."

Ipsoregulated

This website and associated newspapers adhere to the Independent Press Standardards Organisations's Editors' Code of Practice. If you have a compaint about editorial content which relates to inaccuracy or intrusion, then please contact the editor here. If you are dissatisfied with the response provided you can contact IPSO here